• Home
  • |
  • Blog
  • |
  • How to Fix the 3 New Vulnerabilities in Lenovo UEFI?
How To Fix The 3 New Vulnerabilities In Lenovo UEFI

Martin Smolár, a security researcher from ESET, has disclosed 3 new vulnerabilities in Lenovo UEFI. The vulnerability is impacting multiple Lenovo consumer Notebook models like Yoga, IdeaPad, and ThinkBook devices leaving millions of laptops vulnerable. These vulnerabilities allows advisories to disable UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx) all simply from an OS on the affected devices. It is highly important for all the Lenovo Laptop holders to be aware of these three vulnerabilities. We created this post that tells you how to fix the 3 new vulnerabilities in Lenovo UEFI.

Before we begin exploring the 3 New Vulnerabilities In Lenovo UEFI, it is good to learn what is UEFI, what makes it different then BIOS, and what is a Secure Boot in UEFI. Without further due let’s get started.

What Is a Secure Boot in UEFI?

Sometimes, you may get confused between UEFI and BIOS. Here is a small note that lets you know the difference between UEFI and BIOS in simple words.

UEFI is the successor to BIOS, offering a more modern interface as well as additional features and capabilities. UEFI stands for Unified Extensible Firmware Interface and is essentially a software program that sits on top of your computer’s hardware and provides an interface between the operating system and the hardware.

BIOS, on the other hand, stands for Basic Input/Output System. It is a ROM chip that stores information about your computer’s hardware and how it should be configured. The BIOS is responsible for booting up your computer, and it generally does not offer as many features or capabilities as UEFI.

So, UEFI is a more modern version of BIOS that offers additional features and capabilities. It is not required on all computers, but it is becoming more common. If your computer has UEFI, you will likely see a UEFI options menu when you boot up the computer that will allow you to change UEFI settings.

What Is a Secure Boot in UEFI?

Secure boot is a feature of UEFI that allows the system to verify the authenticity of the operating system and other software components before allowing them to be loaded and executed. This helps to ensure that only trusted software can be run on the system, and helps to prevent malicious code from being installed or executed.

In order for secure boot to work, the system must first be configured with a set of trusted digital signatures. These signatures are used to verify the authenticity of the software components that are being loaded and executed. The system will only allow software components with a valid digital signature to be loaded and executed. This helps to ensure that only trusted software can run on the system.

Summary of the 3 New Vulnerabilities in Lenovo UEFI:

On November 2021, Martin Smolár, a security researcher from ESET reported the three flaws to the PC manufacturer. The vulnerabilities tracked as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432 let attackers to turn off Secure Boot, a feature of UEFI that allows the system to verify the authenticity of the operating system and other software components before allowing them to be loaded and executed.

Let’s see the summary of the three vulnerabilities CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432.

The vulnerability is stemmed from WMI Setup driver, which is used only during the manufacturing phase. But somehow it was mistakenly left in the production devices. This flaw allows an adversary with elevated privileges to modify Secure Boot setting by modifying an NVRAM variable.

List of Lenovo Laptops Vulnerable to the Flaws:

Lenovo has verified its Laptop modules and published the vulnerable models in its advisory report. Please don’t miss to see the list of Notebook models.

ProductComponentCVE-2022-3430CVE-2022-3431
D330-10IGL Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – D330-10IGLG0CN11WWG0CN11WW
IdeaPad 5 Pro 16ARH7BIOS Update for Windows 11 (64-bit) – IdeaPad 5 Pro 16ARH7J4CN33WWJ4CN33WW
IdeaPad 5 Pro 16IAH7BIOS Update for Windows 11 (64-bit) – IdeaPad 5 Pro 16IAH7J5CN27WWNot Affected
IdeaPad Duet 3 10IGL5BIOS Update for Windows 11 (64-bit) and Windows 10 (64-bit) – IdeaPad Duet 3-10IGL5EQCN37WWEQCN37WW
Lenovo Slim 7 16ARH7BIOS Update for Windows 11 (64-bit) – Yoga Slim 7 Pro 16ARH7KLCN15WWKLCN15WW
Lenovo ThinkBook 15p IMHBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Lenovo ThinkBook 15p IMHF6CN25WWNot Affected
S540-15IML Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – S540-15IMLNot AffectedCNCN22WW
Slim 7 Pro 16ACH6 Laptop (IdeaPad)BIOS Update for Windows 11 (64-bit) – Yoga Slim 7 Pro 16ACH6, Slim 7 Pro 16ACH6Not AffectedHUCN16WW
Slim 7-14ARE05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7-14ARE05, ideapad 7-14ARE05DMCN43WWNot Affected
Slim 7-14IIL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7-14IIL05, Yoga Slim 7-15IIL05, ideapad Slim 7-15IIL05, ideapad Slim 7-14IIL05DHCN35WWNot Affected
Slim 7-14ITL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7-14ITL05, Yoga Slim 7-15ITL05, IdeaPad Slim 7-14ITL05, IdeaPad Slim 7-15ITL05FBCN29WWNot Affected
Slim 7-15IIL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7-14IIL05, Yoga Slim 7-15IIL05, ideapad Slim 7-15IIL05, ideapad Slim 7-14IIL05DHCN35WWNot Affected
Slim 7-15IMH05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7 15IMH05, IdeaPad Slim 7 15IMH05, Yoga Creator 7-15IMH05DNCN32WWNot Affected
Slim 7-15ITL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7-14ITL05, Yoga Slim 7-15ITL05, IdeaPad Slim 7-14ITL05, IdeaPad Slim 7-15ITL05FBCN29WWNot Affected
ThinkBook 13x ITG LaptopBIOS Update for Windows 11 (64-bit) and Windows 10 (64-bit) – ThinkBook 13x ITGHLCN30WWHLCN30WW
ThinkBook 14 G2 ARE LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 14 G2 ARE, ThinkBook 15 G2 AREFACN33WWNot Affected
ThinkBook 14 G2 ITL LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 14 G2 ITL, ThinkBook 15 G2 ITLF8CN52WWNot Affected
ThinkBook 14 G3 ACL LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit)- ThinkBook 14 G3 ACL, ThinkBook 15 G3 ACLGQCN35WW_HFCN30WWNot Affected
ThinkBook 14 G3 ITL LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 14 G3 ITLHRCN13WWNot Affected
ThinkBook 14 G4 ABA LaptopBIOS Update for Windows 11 (64-bit) – ThinkBook 14 G4 ABA, ThinkBook 15 G4 ABAJPCN20WWNot Affected
ThinkBook 14 G4+ ARABIOS Update for Windows 11 (64-bit) – ThinkBook 14 G4+ ARA, ThinkBook 16 G4+ ARAJ6CN40WWJ6CN40WW
ThinkBook 14 G4+ IAP LaptopBIOS Update for Windows 11 (64-bit) – ThinkBook 14 G4+ IAP, ThinkBook 16 G4+ IAPHYCN40WWHYCN40WW
ThinkBook 14p G3 ARHBIOS Update for Windows 11 (64-bit) – ThinkBook 14p G3 ARHK4CN31WWNot Affected
ThinkBook 14s Yoga ITLBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ThinkBook 14s Yoga ITLFNCN40WWNot Affected
ThinkBook 15 G2 ARE LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 14 G2 ARE, ThinkBook 15 G2 AREFACN33WWNot Affected
ThinkBook 15 G2 ITL LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 14 G2 ITL, ThinkBook 15 G2 ITLF8CN52WWNot Affected
ThinkBook 15 G3 ACL LaptopBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit)- ThinkBook 14 G3 ACL, ThinkBook 15 G3 ACLGQCN35WW_HFCN30WWNot Affected
ThinkBook 15 G3 ITL LaptopBIOS Update for Windows 10 (64-bit) – ThinkBook 14 G3 ITLHRCN13WWNot Affected
ThinkBook 15 G4 ABA LaptopBIOS Update for Windows 11 (64-bit) – ThinkBook 14 G4 ABA, ThinkBook 15 G4 ABAJPCN20WWNot Affected
ThinkBook 15P G2 ITHBIOS Update for and Windows 11 (64-bit) – ThinkBook 15p G2 ITHHJCN31WWNot Affected
ThinkBook 16 G4+ ARABIOS Update for Windows 11 (64-bit) – ThinkBook 14 G4+ ARA, ThinkBook 16 G4+ ARAJ6CN40WWJ6CN40WW
ThinkBook 16 G4+ IAP LaptopBIOS Update for Windows 11 (64-bit) – ThinkBook 14 G4+ IAP, ThinkBook 16 G4+ IAPHYCN40WWHYCN40WW
ThinkBook 16p G3 ARHBIOS Update for Windows 11 (64-bit) – ThinkBook 16p G3 ARHKCCN31WWNot Affected
ThinkBook 16p NX ARHBIOS Update for Windows 11 (64-bit) – ThinkBook 16P NX ARHKJCN27WWKJCN27WW
ThinkBook Plus G2 ITGBIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – ThinkBook Plus G2 ITGGYCN31WWGYCN31WW
ThinkBook Plus G3 IAPBIOS Update for Windows 11 (64-bit) – ThinkBook Plus G3 IAPK6CN29WWK6CN29WW
Yoga Creator 7-15IMH05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7 15IMH05, IdeaPad Slim 7 15IMH05, Yoga Creator 7-15IMH05DNCN32WWNot Affected
Yoga Duet 7-13IML05BIOS Update for Windows 10 (64-bit) – Yoga Duet 7-13IML05ERCN30WWERCN30WW
Yoga Duet 7-13ITL6BIOS Update for Windows 11 (64-bit) and Windows 10 (64-bit) – Yoga Duet 7-13ITL6, Yoga Duet 7-13ITL6-LTEGPCN24WWGPCN24WW
Yoga Duet 7-13ITL6-LTEBIOS Update for Windows 11 (64-bit) and Windows 10 (64-bit) – Yoga Duet 7-13ITL6, Yoga Duet 7-13ITL6-LTEGPCN24WWGPCN24WW
Yoga Slim 7 Carbon 13ITL5 (ideapad)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Yoga Slim 7 Carbon 13ITL5, Yoga slim 7-13ITL05Not AffectedF7CN39WW
Yoga Slim 7 Pro 16ACH6 Laptop (IdeaPad)BIOS Update for Windows 11 (64-bit) – Yoga Slim 7 Pro 16ACH6, Slim 7 Pro 16ACH6Not AffectedHUCN16WW
Yoga Slim 7 Pro 16ARH7BIOS Update for Windows 11 (64-bit) – Yoga Slim 7 Pro 16ARH7KLCN15WWKLCN15WW
Yoga Slim 7-13ACN05 Laptop (ideapad)BIOS Update for Windows 11 (64-bit) and Windows 10 (64-bit) – Yoga Slim 7-13ACN05Not AffectedGHCN28WW
Yoga Slim 7-13ITL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) and Windows 11 (64-bit) – Yoga Slim 7 Carbon 13ITL5, Yoga slim 7-13ITL05Not AffectedF7CN39WW
Yoga Slim 7-14ARE05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7-14ARE05, ideapad 7-14ARE05DMCN43WWNot Affected
Yoga Slim 7-14IIL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7-14IIL05, Yoga Slim 7-15IIL05, ideapad Slim 7-15IIL05, ideapad Slim 7-14IIL05DHCN35WWNot Affected
Yoga Slim 7-14ITL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7-14ITL05, Yoga Slim 7-15ITL05, IdeaPad Slim 7-14ITL05, IdeaPad Slim 7-15ITL05FBCN29WWNot Affected
Yoga Slim 7-15IIL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7-14IIL05, Yoga Slim 7-15IIL05, ideapad Slim 7-15IIL05, ideapad Slim 7-14IIL05DHCN35WWNot Affected
Yoga Slim 7-15IMH05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7 15IMH05, IdeaPad Slim 7 15IMH05, Yoga Creator 7-15IMH05DNCN32WWNot Affected
Yoga Slim 7-15ITL05 Laptop (ideapad)BIOS Update for Windows 10 (64-bit) – Yoga Slim 7-14ITL05, Yoga Slim 7-15ITL05, IdeaPad Slim 7-14ITL05, IdeaPad Slim 7-15ITL05FBCN29WWNot Affected
ideapad 5 Pro-16ACH6 LaptopBIOS Update for Windows 11 (64-bit) and Windows 10 (64-bit) – IdeaPad 5 Pro-16ACH6, IdeaPad Creator 5-16ACH6Not AffectedGSCN34WW
ideapad 5 Pro-16IHU6 LaptopBIOS Update for Windows 11 (64-bit) and Windows 10 (64-bit) – IdeaPad 5 Pro-16IHU6Not AffectedGRCN22WW
ideapad Creator 5-16ACH6 LaptopBIOS Update for Windows 11 (64-bit) and Windows 10 (64-bit) – IdeaPad 5 Pro-16ACH6, IdeaPad Creator 5-16ACH6Not AffectedGSCN34WW

How to Fix the 3 New Vulnerabilities in Lenovo UEFI?

Upgrading the firmware in Lenovo Laptops is the best way to fix these new vulnerabilities.

BIOS can be updated in three different ways in Lenovo Laptops.

Method 1: Automatic Update

Update Lenovo drivers, BIOS, and applications using Lenovo System Update. Lenovo System Update is the latest program that can be used to update your Lenovo laptop drivers and other software. It can also detect when there are new versions of the BIOS and automatically install them.

To check if your Lenovo laptop has this feature, go to Start Menu > Control Panel > System and Security. Click on “System” and then click on “Advanced system settings.” On the left panel, click on “Advanced” and then click on “Update BIOS.”

If you see the “Update BIOS” option, your Lenovo laptop has the Lenovo System Update feature. If you don’t see this option, your Laptop doesn’t have this feature, and you’ll need to install the BIOS updates manually.

Method 2: WinFlash

To use Winflash to install a BIOS update:

  1. Download the most recent BIOS to your Windows desktop for easier usage. To locate and download the BIOS, follow these steps: Open the Lenovo support website (support.lenovo.com).
  2. Enter the system machine type or product name. On the product page, click Drivers & Software. Filter by BIOS/UEFI, and choose the corresponding OS information.
  3. Follow the instructions in the readme file to download and install the BIOS. Right-click on the BIOS flash package and select Run as administrator.
  4. A self-extracting window will appear on Windows, and you should click the Install button. Then click on the Flash BIOS button. A caution screen will appear to notify users to connect the system’s power outlet and supply additional flash information.
  5. Select the OK button. The BIOS update flashing program will automatically run. Please wait until the BIOS update flashing program has finished installation. When the BIOS update is completed, your computer reboots automatically.

Method 3: Update BIOS From Windows

Updating BIOS from Windows is simple and straight. Steps to update system BIOS in Lenovo Laptops:

  1. Visit the official Lenovo website and download the BIOS update file.
  2. Extract the downloaded file to a folder on your computer.
  3. Double-click on the extracted BIOS file to launch the update process.
  4. Follow the on-screen instructions to complete the BIOS update process.
  5. Restart your computer and check if the BIOS update is successful.

These are the steps to update the system BIOS in Lenovo Laptops. Following these steps should help you update your BIOS successfully. In case you face any issues, please reach out to the Lenovo support team for assistance.

We hope this post will help you know how to fix the 3 new vulnerabilities in Lenovo UEFI. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.